Adding workstations to a domain down a VPN Tunnel

  1. #1
    Junior Member
    Join Date
    Jan 2004
    Posts
    27

    Adding workstations to a domain down a VPN Tunnel

    Does anyone have experience with VPNs that could help me out here?
    I have VPN tunnels that go from remote sites back to our co-lo site, all tying into a Cisco 3005 concentrator. The problem I'm having is that when I bring up a new machine at a remote site and try to add it to the domain, it fails, saying it can't contact the DC. I can ping the domain controller all day long by name and IP. The firewall logs show no denies of any type, but they do show NetBIOS traffic going to the domain controller that never goes back out. It's not a routing issue because I can ping it, so it has a path back, plus other applications work fine. I've also checked the route table of the DC and it has a persistent route back to the inside interface of the concentrator for 10.16.4.x traffic.

    Any ideas would be greatly appreciated.
    If at first you don't succeed, f**k it try something else.

  2. #2
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Are the user accounts of the new box's users configured for VPN access within AD?
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    On the machine you are adding to the domain, try forcing its DNS server to be the IP
    of the primary DNS on your internal network. Often it's also a domain controller.
    If you can't do that, are you running WINS?

    More often than not it can't find a DC because it has no clue who the DC is, which is usually
    best passed along by the internal DNS for your Active Directory.

  4. #4
    Junior Member
    Join Date
    Jan 2004
    Posts
    27
    Jinxy, yes they are configured for VPN access within AD.

    The other thing that is strange is that if an older machine is already added to the domain, users can log in just fine down the VPN tunnel; I just can't add any freaking new machines. Do you know if unicast or multicast needs to go down the tunnel, or what ports other than 135, 137-139?

    Grrrrrr...
    If at first you don't succeed, f**k it try something else.

  5. #5
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Could this be a bandwidth management issue at the concentrator? I can't see the examples on the link below on this box; for some reason they are out of focus:

    http://www.cisco.com/en/US/tech/tk58...7cd.shtml#con2

    Damn, the link has been truncated so it will not work. I was thinking along the lines of reserved bandwidth for certain boxes already set up.

    http://www.cisco.com/en/US/tech/tk58...7cd.shtml#con2

    edit
    There are PPTP and L2TP, 128 ports each. You can view the ports by expanding the local server node, then clicking the ports icon in the RRAS snap-in tree.
    edit
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
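
The two checks raised in posts #3 and #4 (can the new machine find a DC through the internal DNS, and which ports get through the tunnel), as an added PowerShell example that is not part of the original thread. The domain name and DNS server address are constructed placeholders, and every port other than 135 and 139 is an assumption taken from standard Active Directory port requirements, not from the thread.

```powershell
# Added example: run on the new workstation at the remote site before joining.
$Domain    = 'corp.example.com'   # placeholder: your AD DNS domain name
$DnsServer = '192.0.2.10'         # placeholder: internal DNS server (often a DC)

# TCP ports to probe. 135 and 139 come from the thread; the others are assumed.
$TcpPorts = @(
    @{ Port = 53;  Name = 'DNS' },
    @{ Port = 88;  Name = 'Kerberos' },
    @{ Port = 135; Name = 'RPC endpoint mapper' },
    @{ Port = 139; Name = 'NetBIOS session' },
    @{ Port = 389; Name = 'LDAP' },
    @{ Port = 445; Name = 'SMB' },
    @{ Port = 464; Name = 'Kerberos password change' }
)

# Step 1: DC discovery. A domain join looks up this SRV record; being able to
# ping the DC by name does not prove that this lookup works.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "SRV lookup for $srvName via $DnsServer failed: $($_.Exception.Message)"
    return
}
if (-not $srv) { Write-Warning "No DC SRV records for $Domain on $DnsServer"; return }

# Step 2: TCP reachability of each advertised DC through the tunnel.
# UDP (137/138, and UDP 53/88/389) and the dynamic RPC range are NOT covered:
# Test-NetConnection only performs TCP connects.
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    # Resolve through the internal DNS so the local resolver setting is bypassed.
    $ip = (Resolve-DnsName -Name $dc -Type A -Server $DnsServer -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
    if (-not $ip) { Write-Warning "No A record for $dc"; continue }
    foreach ($p in $TcpPorts) {
        $t = Test-NetConnection -ComputerName $ip -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC = $dc; IP = $ip; Port = $p.Port
            Service = $p.Name; Reachable = $t.TcpTestSucceeded
        }
    }
}
$results | Format-Table -AutoSize
```

A failed SRV lookup points at the DNS problem described in post #3; a successful lookup with unreachable ports points at filtering on the tunnel, concentrator or firewall.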
